Category Archives: Technology

Critical Thinking? How about just Thinking?

It seems to me that auditing as a profession is not full of critical thinkers, much less thinkers.

If you read my last post about auditor judgment, I’m struggling with some of the junior auditors that I’m working with.

But I’m also struggling with quite a few of the senior auditors that I work with, those that are my peers (which means they peer at what I’m doing and how I’m doing it and then continue on their merry paths).

I came to this opinion based on most of the auditors I’ve met through the years across many companies, small and big, and across sectors, including public service. And also by the many articles calling for the profession to do more critical thinking, and yes, it is needed. 

But let’s start with plain old thinking (walk before run).

Continue reading

2 Comments

Filed under Audit, Data Analytics, Excel, Humor/Irony, Technology

Quote of the Weak – Auditor Judgment

We recently acquired a new data analysis tool in our department, which prompted some of our newbie auditors to share their misunderstanding of auditor judgment and basic data analysis.

A group of less experienced and newer auditors were selected to try out the new tool before it was rolled out department-wide.

 If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here. If you haven’t seen one of these posts before, it’s because I haven’t had one in a while…

Continue reading

4 Comments

Filed under Audit, Data Analytics, Humor/Irony, Quote of the Weak, Technology

Some Periodic Reviews Provide Little Assurance

securityI’ve written before how some periodic reviews provide management with little assurance, but management doesn’t realize how little.

My previous post focused mostly on server access. In this post, I want to look at normal user access.

For example, let’s assume your company has a policy that states that all IDs must be assigned within an Active Directory group. In other words, IDs are assigned to groups, and groups are assigned to assets; IDs should not be assigned directly to an asset.

Assume the control you are testing states that user access is reviewed annually.

Continue reading

Leave a comment

Filed under Audit, Security, Technology

A Sneaky Way to Analyze IT Controls

When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.

I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.

Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).

It Began a Few Years Back

It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.

Continue reading

Leave a comment

Filed under Audit, Case Files, Security, Technology

ACL Officially Changes Name & Spots

It’s official: ACL is changing its name AND its spots.

I’ve claimed several times that ACL has left its first love (analytics) and doesn’t put enough work into their flagship product, ACL Analytics.

Correction: their FORMER flagship product.

At least they are publicly admitting it finally–they NO LONGER are an ANALYTICS company!

Continue reading

9 Comments

Filed under ACL, Data Analytics, Excel, Technology, Written by Skyyler

Quote of the Weak – Clean Data Manually

clean data manuallyIf you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.

Let me share a recent experience with you….

A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.

If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.

Continue reading

2 Comments

Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology

Job Automation Quiz

automation quiz

Test how much you know about automation technologies by taking the job automation quiz at Financial Management magazine.

Continue reading

Leave a comment

Filed under Audit, Free, Security, Technology

ACL Robotics is NOT Robotics

RPA the robotContrary to what ACL has been touting as their new ‘robotics’ feature, it is NOT robotics process automation (RPA).

[The ‘robotics’ feature is due out later in 2018. It appears to be ACL’s latest attempt to get you to use their GRC software.]

ACL, via John Verver, defines the term this way in his RPA article: “The idea is a relatively simple one: get computers to perform tasks normally performed by humans, and cut resource and time requirements for many repetitive activities.” Continue reading

3 Comments

Filed under ACL, Audit, Data Analytics, Scripting (ACL), Technology

Steal from Agile to Increase Audit Analytics

agile analyticsTo increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits.

If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the bottom of each page; the topics are quick to the point and full of pictures).

Briefly, agile projects are performed in cycles, or iterations, rather than in a long, linear-waterfall fashion, which is: do all planning, then field work, then reporting. Each iteration of the project creates some value and includes feedback, which is used in the next iteration to increase the value of the project.

Continue reading

Leave a comment

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Kyle and a Conversation about Analytics

kyle bitsA while back, a reader named Kyle and I had a conversation about analytics.

It started with his reading my Excel:Basic Data Analytics post where I list a number of procedures that anyone can do in Excel.

Kyle said he was expecting some “super sophisticated process & methodology that works like magic.”

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Technology

Create a Team for Audit Analytics? Part 3

analytics team?In the previous post, Create a Team for Audit Analytics? Part 2, I explored the pros and cons of expecting all auditors to develop a level of data and analytic proficiency.

These auditors would continue to do audit testing that involves analytics as well as testing that does not involve analytics. In addition to keeping up their business skills, they would be learning and upgrading their data analytic skills.

In the first post of this series, I reviewed some of the pluses and minuses of creating a dedicated analytics team.

However, a third option exists, which is sort of a hybrid between having dedicated analytic auditors doing all the analytic work and requiring everyone to increase and develop their data and analytic skills.

Let’s explore the hybrid method in this post, and wrap up the series with a few final thoughts.

This is the third post of a 3-part series…

Continue reading

7 Comments

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Create a Team for Audit Analytics? Part 2

analytics team?In the previous post, Create a Team for Audit Analytics? Part 1, I explored the pros and cons of developing an analytics team.

This team consists of analytic auditors who are dedicated to analytic projects; they would NOT typically manage audits or testing that did not include analytics.

In this post, let’s explore another option for managing and growing analytics in an audit department — expecting all auditors to develop a level of data and analytic proficiency.

This is the second post of a 3-part series…

 

Continue reading

1 Comment

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Create a Team for Audit Analytics? Part 1

analytics team?Once your audit team has proven the value of doing analytics consistently, the next question is: Do we create an analytics team and have the team do all (or the majority) of the analytics?

Or should we expect all auditors to develop some levels of analytics proficiency?

Of course, this question often comes a bit further down the trail on the analytics journey, but I think the sooner it is decided, the better.

This is the first post of a 3-part series…

Continue reading

2 Comments

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

The Analytic Staircase for Auditors

analytic staircase stepsBuilding a successful audit analytics program is like climbing a staircase.

The staircase is a set of steps that consist of several items having increasing levels of maturity.

The staircase steps not only help you build your program, but enable you to measure that maturity.

As you view the staircase graphic, mentally insert the word “analytics” before each step.

Continue reading

3 Comments

Filed under ACL, Audit, Data Analytics, How to..., Technology, Written by Skyyler

5 Things We Need from ACL in 2018

5 thingsHere’s the 5 things I’m hoping will change in 2018 regarding ACL.

They are all related to each other and feed off each other…

Interesting.

Continue reading

9 Comments

Filed under ACL, Audit, Data Analytics, Excel, Scripting (ACL), Technology, Written by Skyyler

Quick Introduction to ACL

If you’ve ever wondered what Audit Command Language (ACL) is, here’s a quick way to find out.

ACL has provided a quick, one-page introduction to ACL. And I mean quick.

It doesn’t explain a lot, but it gives you a quick peek at the basic user interface.

You could call it the ACL Overview for Dummies.

Continue reading

2 Comments

Filed under ACL, Audit, Data Analytics, Technology

No Analytics, No Audit Department

dead-audit-department

If YOUR audit department doesn’t embrace data, analytics, and automation eventually, your audit department will NOT exist.

No data, no analytics. No analytics, no automation. Eventually, no audit department.

Editor Note: This post really applies to all departments in a company, but mainly I’m addressing auditors, but you might want to read between the business lines….

By embrace, I don’t mean have one or two auditors working on this. I mean the entire department.

Before you cite all the regulatory requirements mandating the existence of an audit department in companies, having an audit department in name only won’t cut it.

Having an inept audit department will not be acceptable to regulators, and it shouldn’t be acceptable to company management either. Or Audit Committees!

Companies need skilled and efficient auditors that can do the heavy lifting, and this need will only increase.

Continue reading

17 Comments

Filed under Audit, Data Analytics, Employment, Technology, Written by Skyyler

Audit Automation is NOT all Automation

audit automation ACLSome Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.

In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.

Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.

That is not the case at all.

Continue reading

3 Comments

Filed under ACL, Audit, Data Analytics, Scripting (ACL), Security, Technology, Written by Skyyler

CISA Does NOT an IT Auditor Make

cisa study guide, tipsPassing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.

Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.

I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.

You just won’t feel the love right away…

Continue reading

10 Comments

Filed under Audit, Certification, Employment, How to..., Technology, Written by Skyyler

Robotics to Replace ACL, Part 2

robot replace ACLPreviously I wrote Will Robotics (RPA) Replace ACL?

The short answer is no, and I describe the reasons in that post.

But that doesn’t mean someone won’t try.

Shortly after I wrote my original robotics post, I encountered robotics vs. ACL, part 2.

Continue reading

1 Comment

Filed under ACL, Audit, Scripting (ACL), Technology

10+ Signs Mgmt Doesn’t Really Support Analytics

mgmt doesn't support analyticsYour management says it wants more analytics, but does it really support analytics? Here’s 10+ signs that indicate that your mgmt:

  • Does NOT knows what it takes to get analytics off the ground
  • Believes that analytics multiply like rabbits, naturally
  • Is NOT willing to make the adjustments required to deliver and sustain real value.

Continue reading

5 Comments

Filed under Audit, Data Analytics, How to..., Technology, Top 10, Written by Skyyler

New IT Auditor (and WannaBEs) Master List

Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.

Continue reading

11 Comments

Filed under Audit, Employment, How to..., Security, Technology

Use LinkedIn to get an IT Audit job

If you’re looking for an IT Audit job, here’s how to use LinkedIn to get noticed.

new-auditorIn a nutshell, you need to enhance your LinkedIn profile so that everyone knows you’re working hard at learning IT auditor skills.

If you’re already working as an IT auditor, use these suggestions to get noticed more and move ahead (or into another company with more opportunities).

Continue reading

4 Comments

Filed under Audit, Certification, Employment, How to..., Technology

Why Internal Auditors Should Care about Robotic Process Automation

3 Comments

Filed under Audit, Data Analytics, Employment, How to..., Technology

How to get an IT Audit job with little or no experience

I get asked all the time, “How do I get a job in IT audit with little or no experience?”

When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.

You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.

Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.

Continue reading

26 Comments

Filed under Audit, Certification, Employment, How to..., Technology

Top 10 Reasons Why Being an IT Auditor is So Hard

tenBefore you choose a career as an IT auditor, consider my top 10 reasons why being an IT auditor is so hard.

Continue reading

3 Comments

Filed under Audit, Employment, Technology, Top 10

Careers After IT Auditing

life-after-it-auditRecently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading

16 Comments

Filed under Audit, Employment, How to..., Technology

Do you have User IDs Hidden in the Cloud?

hidden-in-the-cloudIt’s 10 o’clock in the cloud. Do you know where all your user IDs are? Are some hidden in the cloud?

Cloud security if often cloudy because it’s not on premise where you can control it easier.

That means you may have powerful user IDs in the cloud that your security team knows nothing about, which means….

Continue reading

2 Comments

Filed under Audit, Case Files, Technology

Real Auditors Use Excel PowerPivot

powerpivot iconIf you’re an auditor and you are not yet using Excel PowerPivot, you are missing the next greatest thing since spreadsheets arrived.

If you are NOT an auditor, and you don’t use PowerPivot, you’re in the same boat with the auditors mentioned above, and it is sinking.

In other words, if you use Excel, you should be learning Excel PowerPivot. It’s that big.

Let me explain why.

NOTE: I updated this post quite a bit with new info…

Continue reading

13 Comments

Filed under Audit, Data Analytics, Excel, Free, Technology

Auditors, Do Data Analytics or Die

If you’re an auditor, you need data analytic skills or you will die.

Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.

Pretty bold statement, isn’t it?

Continue reading

10 Comments

Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler

New IT Auditors Should Start Here

new-auditorIf you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Continue reading

15 Comments

Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

The Simplest, Cheapest, and Most Effective Disaster Recovery Plan Ever

disaster-recovery-planAbout a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recover plan ever.

Let me first give you a little background….

I worked for a great IT director, who moved to another company, much bigger, and brought me with him.

In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.

If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.

Continue reading

6 Comments

Filed under Case Files, Humor/Irony, Security, Security Scout, Technology

Some of my Favorites

Since some of you are newer to the blog, I thought I’d bring a couple of my favorite posts to your attention.

Continue reading

Leave a comment

Filed under ACL, Audit, How to..., Security, Technology, Top 10